Stephen

Everything posted by Stephen

  1. You need to connect before you use any mysql function. I edited Andy's code:

     ```php
     <?php
     session_start();
     if (isset($_POST['login'])) {
         // Include config file for DB info
         include 'db.php';
         // Connect to the MySQL server before calling any other mysql_* function
         $connect = mysql_connect($db_host, $db_username, $db_password) or die("MySQL Said:" . mysql_error());
         $database = mysql_select_db($db_database, $connect) or die("MySQL Said:" . mysql_error());
         // mysql_real_escape_string() needs the open connection
         $login = mysql_real_escape_string($_POST['user']);
         $pwd = mysql_real_escape_string($_POST['pwd']);
         $link = mysql_query("SELECT * FROM `pilots` WHERE login='$login' AND pwd='$pwd'") or die("MySQL Said:" . mysql_error());
         $count = mysql_num_rows($link);
         $data = mysql_fetch_assoc($link);
         if ($count == 1) {
             if ($data['status'] == 0) {
                 echo '<center>Your Account Is Not Active.</center>';
             } else {
                 if ($data['status'] == 2) {
                     echo '<center><font color="#ff001b">Your Account Has Been Suspended.</font></center>';
                 } else {
                     $_SESSION['login'] = $login;
                     $_SESSION['pwd'] = $pwd;
                     ?>
     <center>
       <h7><i><b>Pilots Panel</b></i></h7><br>
       <a href="filepirep.php">File Pirep</a><br>
       <a href="fileloa.php">File LOA</a><br>
       <a href="sigs.php">Signatures</a><br>
       <a href="profile.php">My Profile</a><br>
       <a href="pevetnts.php">Events</a><br>
       <a href="roster.php">View Roster</a><br>
       <a href="resign.php"><font color="#FF0000">Resignation Form</font></a><br>
       <h7><i><b>Pilots Tools</b></i></h7><br>
       <a href="http://www.fspassengers.com/">FS Passengers</a><br>
     </center>
                     <?php
                     // Staff panels, shown according to the flags on the pilot row
                     if ($data['hm'] == 1) { ?>
     <center>
       <h7><i><b>Hub Manager Panel</b></i></h7><br>
       <a href="edithub.php?hub=<?php echo $data['hub']; ?>">Edit Hub Page</a><br>
       <a href="apppireps.php?hub=<?php echo $data['hub']; ?>">Approve Pireps</a><br>
       <a href="promote.php?hub=<?php echo $data['hub']; ?>">Promote Pilot</a>
       <a href="awards.php">Grant Award</a><br>
     </center>
                     <?php }
                     if ($data['fm'] == 1) { ?>
     <center>
       <h7><i><b>Fleet Manager Panel</b></i></h7><br>
       <a href="addaircraft.php">Add Aircraft</a><br>
       <a href="manageaircraft.php">Manage Aircraft</a>
     </center>
                     <?php }
                     if ($data['ed'] == 1) { ?>
     <center>
       <h7><i><b>Events Director Panel</b></i></h7><br>
       <a href="addevents.php">Add Event</a><br>
       <a href="manageevents.php">Manage Events</a><br>
       <a href="postnews.php">Post News</a>
     </center>
                     <?php }
                     if ($data['hr'] == 1) { ?>
     <center>
       <h7><i><b>Human Resources Panel</b></i></h7><br>
       <a href="newpilots.php">New Pilots</a><br>
       <a href="editpilots.php">Edit Pilots</a><br>
       <a href="viewcomments.php">View Comments</a><br>
       <a href="viewsitecomments.php">View Site Comments</a><br>
     </center>
                     <?php }
                     if ($data['bm'] == 1) { ?>
     <center>
       <h7><i><b>Executive Staff Panel</b></i></h7><br>
       <a href="edithub.php?hub=<?php echo $data['hub']; ?>">Edit Hub Page</a><br>
       <a href="apppireps.php?hub=<?php echo $data['hub']; ?>">Approve Pireps</a><br>
       <a href="promote.php?hub=<?php echo $data['hub']; ?>">Promote Pilot</a>
       <a href="awards.php">Grant Award</a><br>
       <a href="addaircraft.php">Add Aircraft</a><br>
       <a href="addstaffmember.php">Grant Staff Accesses</a><br>
       <a href="revokestaffmember.php">Revoke Staff Accesses</a><br>
       <a href="manageaircraft.php">Manage Aircraft</a><br>
       <a href="addevents.php">Add Event</a><br>
       <a href="manageevents.php">Manage Events</a><br>
       <a href="postnews.php">Post News</a><br>
       <a href="newpilots.php">New Pilots</a><br>
       <a href="editpilots.php">Edit Pilots</a><br>
       <a href="viewcomments.php">View Comments</a><br>
       <a href="viewsitecomments.php">View Site Comments</a><br>
     </center>
                     <?php }
                 }
             }
         } else {
             // No matching row: show the error and the login form again
             echo '<center><font color="#ff001b">Your <i>Pilot ID And/Or Password</i> is wrong!</font></center>';
             ?>
     <style type="text/css"> .idBox { width:50px; } .passwordBox { width:80px; } </style>
     <form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>" method="post">
     <table border="0" align="center">
       <tr> <td align="center">ID:</td><td align="center">ASA<input type="text" name="user" class="idBox"></td> </tr>
       <tr> <td align="center">Password:</td><td align="center"><input type="password" name="pwd" class="passwordBox"></td> </tr>
       <tr> <td></td><td align="center"><input type="submit" name="login" value="Login"></td> </tr>
     </table>
     </form>
         <?php }
     } else {
         // Nothing submitted yet: show the login form
         ?>
     <style type="text/css"> .idBox { width:50px; } .passwordBox { width:80px; } </style>
     <form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>" method="post">
     <table border="0" align="center">
       <tr> <td align="center">ID:</td><td align="center">ASA<input type="text" name="user" class="idBox"></td> </tr>
       <tr> <td align="center">Password:</td><td align="center"><input type="password" name="pwd" class="passwordBox"></td> </tr>
       <tr> <td></td><td align="center"><input type="submit" name="login" value="Login"></td> </tr>
     </table>
     </form>
     <?php } ?>
     ```
  2. You just edit the x and y coordinates in imagestring.
  3. You could chmod: 773 it. Not sure if that's what you want though.
  4. Well would be good to have one that does. When you use ignore_user_abort, it will still run even if the user closes out of the page (I believe). Also using sleep will have it rest for 24 hours to do it again. Cron would be better to do though.
  5. If you don't like cron you could try this:

     ```php
     ignore_user_abort(true);
     set_time_limit(0);
     do {
         // Code here
         sleep(86400); // 24 hrs
     } while (true);
     ```

     Not tested. I'm sure cron would be much more efficient though, of course I have no experience with it though.
  6. It depends if shorttags is enabled/disabled in your php.ini file. I haven't messed with php.ini much so you may want to look it up too.
  7. It's better to make them work than to just give them the plain-text password.
  8. If someone steals your database, all they see is some random gibberish. You should also salt your passwords. Here's an example (you will need a salt function to make $salt = say a ten character salt. They're all random characters.)

     Register:

     ```php
     mysql_query("INSERT INTO users (name, password, salt) VALUES ('".$_POST["name"]."', '".md5(md5($_POST["password"]) . $salt)."', '".$salt."')");
     ```

     Login:

     ```php
     // this is just checking password
     if ($rows["password"] == md5(md5($_POST["password"]) . $rows["salt"])) {
         // correct password
     }
     ```

     You could also try whirlpool encryption. Note: that is not a safe query. Also, these wouldn't work just like that. But those are just examples on inputting it and checking it.
  9. ... http://members.aol.com/barryaandrew/xmlhttp/article.html
  10. Could use this:

      ```php
      $_pics = "";
      $_pics_temp = "";
      $_done = 0;
      foreach ($_FILES as $_key => $_value) {
          if (!empty($_FILES[$_key]['name'])) {
              $_pics .= $_FILES[$_key]['name'].",";
              $_pics_temp .= $_FILES[$_key]['tmp_name'].",";
          }
      }
      $_pics = explode(",", substr($_pics, 0, strlen($_pics)-1));
      $_pics_temp = explode(",", substr($_pics_temp, 0, strlen($_pics_temp)-1));
      $totalPics = count($_pics);
      foreach ($_pics_temp as $_key => $_value) {
          $_rand = rand(0, 1000);
          if (is_uploaded_file($_value) && copy($_value, "$fileName$_rand$ext")) {
              $_sql = sprintf("INSERT INTO images (namestatiune, filename, width, height) VALUES ('%s', '%s', '%d', '%d')", $numestatiune, $fileName.$_rand.$ext, $newwidth, $newheight);
              if (mysql_query($_sql)) {
                  $_done++;
              }
          }
      }
      echo("You have uploaded -".$_done."- image(s).");
      ```

      I haven't really tested it though...
  11. It should be more like:

      ```sql
      UPDATE members SET password = '$new_pass' WHERE email = '$reset_email'
      ```
  12. It has to be included somewhere in the script so why can't you post it? Probably in "header.php" or something...
  13. Not sure what you mean. You mean like: "Well this is my new blogging system. It will automatically cut off wo... [READ MORE]" If you mean like that you can use substr on the front page and then just make a page something like:

      ```php
      <?php
      //readme.php
      $_readid=$_GET["id"];
      $_return=mysql_query("SELECT * FROM table WHERE id = '".$_readid."' LIMIT 1");
      $_rows=mysql_fetch_array($_return);
      echo(nl2br($_rows["content"]));
      ?>
      ```

      "Well this is my new blogging system. It will automatically cut off wo... <a href='readme.php?id=1'>[READ MORE]</a>"

      Keep in mind there is no security on that, so you will want to add some. EDIT: This forum turns < /a> into [ /url] =\
  14. What is the rest of your code? With setting $new_pass, $reset_email variables and stuff. If reset email is an --email-- why would you check for it in a --password-- column? And as cooldude said it should be WHERE userid = '$myuserid' Otherwise it will update every password from "lol" to "lol2".
  15. As Blade said... what is your registerNewUser function ;-;.
  16. Yeah I have that. You can disable/enable javascript/flash objects/java objects/etc.. Really useful so you don't get Rick Roll'd. XD.
  17. Well you aren't echoing anything anywhere so I assume it should be like this:

      ```php
      $types_temp = array();
      $types_temp2 = array();
      $types_temp3 = array();
      $types_temp = explode(',', $info['project_types']);
      foreach ($types_temp as $value) {
          if (isset($categories[$value]['title'])) {
              $types_temp2[] = $categories[$value]['title'];
          }
      }
      $types_temp3 = implode(', ', $types_temp2);
      $_string_new=substr($types_temp3,0,100);
      echo(wordwrap($_string_new,25,"<br />\n"));
      ```
  18. Try replacing it with this:

      ```php
      } else {
          echo "<form method=\"post\">";
          echo "Current UserName: <input type=\"text\" name=\"Cuser\" value=\"".$_SESSION['user']."\" /><br />";
          echo "New UserName: <input type=\"text\" name=\"NewUser\" value=\"\" /><br />";
          echo "<input type=\"submit\" name=\"submit\" value=\"Submit\" />";
      }
      ```
  19. I try to use that also when I do queries. It's good because you can isolate the variables and find them a lot easier.
  20. Well what regiemon posted is a starter (for one line). Try this:

      ```php
      $_string="onehundredandonecharacter1111111111111111111111111111111111111111111111111111111111111111111111111120";
      $_string_new=substr($_string,0,100);
      echo(wordwrap($_string_new,25,"<br />\n"));
      ```
  21. Try something like:

      ```php
      $_barcode=29971042354455;
      if (substr(strval($_barcode),0,5)==="29971") {
          echo("Correct");
      }
      ```
  22. What's the code you're using?
  23. The first one is a r57shell. Second one doesn't look harmful as much. Third one is the same as the second. Fourth is the same as the third. Fifth is checking if you have commands like exec or passthru enabled (I think). Sixth is the same as the fourth. Seventh is the same as the first (r57shell). They're trying to inject a shell into your site so they can have access to it. A shell is "A generic term that refers to the interface that gives the user control over the system.". You should report that site to Yahoo or Geocities and have it taken down. Steps to fix this problem? If you have something like:

      ```php
      include($_GET["dir_inc"].".php");
      ```

      They can inject their own files to your server. Try using something like:

      ```php
      if (file_exists($_SERVER["DOCUMENT_ROOT"]."/".$_GET["dir_inc"].".php")) {
          include($_GET["dir_inc"].".php");
      } else {
          echo("Not found/hacking attempt.");
      }
      ```
  24. Home. I rarely use my laptop, and it would be pretty pointless to go on during school.
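
For the salted-hash scheme in post 8, the following added example (not code from any of the posts) verifies a login against a legacy `md5(md5($password) . $salt)` row and upgrades it to PHP's built-in `password_hash()` on success. The `password` and `salt` column names follow post 8; the function names and the sample row are assumptions.

```php
<?php
// Added example: migrate post 8's md5(md5($password) . $salt) rows to password_hash().
// Row layout (password, salt) follows post 8; function names are hypothetical.

/** Legacy digest exactly as computed in post 8. */
function legacy_digest(string $password, string $salt): string
{
    return md5(md5($password) . $salt);
}

/**
 * Check a login attempt against a stored row.
 * Returns [bool $ok, ?string $newHash]; $newHash is non-null when the caller
 * should overwrite the stored password (and clear the salt column).
 */
function verify_and_upgrade(string $password, array $row): array
{
    $stored = $row['password'];
    // A legacy row holds a bare 32-character hex MD5 digest.
    $isLegacy = (bool) preg_match('/^[0-9a-f]{32}$/', $stored);

    if ($isLegacy) {
        // hash_equals() compares in constant time, unlike ==, which also
        // treats strings such as "0e123" and "0e456" as equal numbers.
        if (!hash_equals($stored, legacy_digest($password, $row['salt']))) {
            return [false, null];
        }
        return [true, password_hash($password, PASSWORD_DEFAULT)];
    }

    if (!password_verify($password, $stored)) {
        return [false, null];
    }
    $newHash = password_needs_rehash($stored, PASSWORD_DEFAULT)
        ? password_hash($password, PASSWORD_DEFAULT)
        : null;
    return [true, $newHash];
}

// Constructed sample row in the legacy format.
$row = ['password' => legacy_digest('hunter2', 'aB3dE6gH9k'), 'salt' => 'aB3dE6gH9k'];
[$ok, $newHash] = verify_and_upgrade('hunter2', $row);
var_dump($ok, password_verify('hunter2', $newHash));
[$ok2] = verify_and_upgrade('wrong', $row);
var_dump($ok2);
```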
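
For the `include($_GET["dir_inc"].".php")` problem in post 23: the `file_exists()` check there still builds the path from the request value, so any name that resolves to an existing `.php` file is accepted. This added example (not code from the post) maps the parameter through a fixed allowlist instead; the page names, the `resolve_page()` helper and the temp directory are assumptions.

```php
<?php
// Added example: resolve post 23's dir_inc parameter against a fixed allowlist
// instead of building a path from user input. Page names are assumptions.

const PAGES = [
    'home'   => 'home.php',
    'roster' => 'roster.php',
    'news'   => 'news.php',
];

/**
 * Return the absolute path to include for $requested, or null if the
 * request does not name an allowlisted page that exists under $baseDir.
 */
function resolve_page($requested, string $baseDir): ?string
{
    // Arrays (?dir_inc[]=x) and unknown names are rejected outright.
    if (!is_string($requested) || !array_key_exists($requested, PAGES)) {
        return null;
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . PAGES[$requested]);
    // realpath() resolves symlinks and ".."; confirm the result still
    // lives under the base directory before handing it to include.
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

// Constructed demo: one real page in a temp dir, then allowed and rejected inputs.
$dir = sys_get_temp_dir() . '/pages_demo';
@mkdir($dir);
file_put_contents($dir . '/home.php', '<?php echo "home\n";');
$inputs = ['home', 'roster', '../db', 'http://example.invalid/x', ['home']];
foreach ($inputs as $input) {
    $page = resolve_page($input, $dir);
    echo json_encode($input, JSON_UNESCAPED_SLASHES), ' => ',
        $page === null ? 'rejected' : 'include ' . $page, "\n";
}
```

In a real page the caller would pass `$_GET['dir_inc'] ?? 'home'` and run `include $page;` only when the result is not null.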